How does the validation of a code signing certificate work?

By using code signing certificates, you can sign software or code to make it clear where it comes from and that it can be trusted. This is done by applying a special signature that tells the browser who is responsible for the development of the software and that no unauthorized changes have been made by third parties.

In the event of an attempt to download your software, the user can now trace who the developer is and ensure that the software has not been tampered with. This certainty allows the user to trust that they are downloading exactly what you intended. At the same time, they realize who you are as the developer.

These aspects are crucial to the success of a software developer. No one wants to download an application that could potentially have a negative impact on their computer, and operating systems are aware of these concerns. Therefore, warnings are displayed when trying to install software from a source that is not known to be trustworthy.

So the question is: how do you become a trusted source? How can you prevent these warnings from popping up before someone tries to run your software or code?

Issuing a code signing certificate is possible for both organizations and individuals.

How the validation of an organization works

Organizational validation involves checking the following criteria:

Operational existence
- Verification of the legal identity of the organization and/or the DBA (doing business as)
- The organization must be doing business.
- Validation is based on a combination of legal registration (e.g. https://www.handelsregister.de) and other reliable third-party sources (e.g. https://www.dnb.com)
Physical existence
Similar to the verification of operational existence, the legal registration (e.g. https://www.handelsregister.de) and other reliable third-party sources (e.g. https://www.dnb.com) are used to verify the business address.

Business telephone number
The main business telephone number is verified using reliable third party databases.
Global - https://www.dandb.com/
Global - https://www.hoovers.com/
Germany / Global - https://www.upik.de
Austria only - https://www.herold.at
Germany / Austria - https://www.unternehmensverzeichnis.org
Europe - https://www.bisnode.com/
Spain - https://empresas.informa.es/
European - https://www.bvdinfo.com/en-gb/home/
European - https://www.creditsafe.nl
Germany only- https://www.firmenwissen.de/index.html
France only - https://www.aef.cci.fr/
United Kingdom only - https://www.duedil.com
Sweden- https://www.allabolag.se
Japan - https://cnet.tdb.ne.jp/cnet/ta111p01/ta111pInit.do
Greece - https://www.acci.gr/acci/catalogue/result.jsp
Official photo ID of the applicant
To verify the applicant (administrative contact) on the order, a copy of a valid official photo ID is required.
- This can be, for example, a valid driver's license, passport, ID card or military ID with the same name as the order.
- To verify the photo ID, in addition to the copy of the photo ID, a clear photo must also be sent in which the applicant's face and the photo ID are clearly recognizable. It must be possible to compare the photo with the copy of the photo ID.
Verification of the authority and authenticity of the order
- For this purpose, a callback is made to the previously verified telephone number of the organization.
- A person authorized to apply for a certificate confirms the order for this organization.

If a document or one of the requirements is not fulfilled during validation, we will contact you by e-mail, explain the problem and provide you with steps to solve the problem. You are welcome to send us the missing documents by e-mail in response.

How the validation of an individual works

The validation of an individual person differs slightly from the validation of an organization, as you do not have to prove that you are a company, but an individual developer who has to prove his identity.

You can choose between 2 options for validation:

Option 1: This option requires 2 documents to verify your identity

If you can provide an official photo ID with an address that matches the name and address on the order, you can use this option.

To verify your details on the order, a copy of a valid official photo ID is required. This can be, for example, a valid driver's license, passport, ID card or military ID on which your name matches the name on the order.
To verify the photo ID, in addition to the copy of the photo ID, you must also send a clear photo in which your face and the photo ID are clearly recognizable. The photo must be able to be compared with the copy of the photo ID.

Option 2: Submission of a face-to-face document

If the address on the official photo ID does not match the address in the order or does not include an address, you must fill out a face-to-face document. The face-to-face document contains specific instructions and requires the forms to be notarized and notarized by a notary public.

The face-to-face notarization form needs to be completed and signed by a notary public authorized to practice in your area/country.

The submission of the following documents is required

A notarized copy of a valid driver's license, passport, identification card or military ID that contains your name and matches the name on the order.
The face-to-face personal declaration
The face-to-face declaration to confirm the person

It may be necessary to make a call back to a verified phone number to further verify the applicant before issuing the certificate.

Where do the documents and information need to be sent?

Please send all documents and information to validate your code signing certificate order by post, fax or email to:

EuropeanSSL
c/o EUNETIC GmbH
Draisstraße 1
DE-76448 Durmersheim
Fax: +49 7245 919 585
E-mail: docs@europeanssl.eu

If you have any queries or encounter problems during the ordering or validation process, please do not hesitate to contact our support team.

Was this article helpful?
No Yes